SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. LAYER 3 SUBINTERFACE (HUAWEI) Layer 3 subinterface (Huawei) Sub-interfaces are multiple logical interfaces configured on a main (physical) interface to allow to communicate within subnets on a trunk link. Sub-interfaces can share physical layer parameters of their main interface or be configured with their respective link layer parameters and network layer

parameters.

TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. LAYER 3 SUBINTERFACE (HUAWEI) Layer 3 subinterface (Huawei) Sub-interfaces are multiple logical interfaces configured on a main (physical) interface to allow to communicate within subnets on a trunk link. Sub-interfaces can share physical layer parameters of their main interface or be configured with their respective link layer parameters and network layer

parameters.

TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in

NEWS GRANDMETRIC

GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

DNS SECURITY MALWARE PROTECTION I hereby agree to recieve information about the trainings offer from Grandmetric Sp. z o.o. by the electronic means.

CONTACT GRANDMETRIC

GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

GRANDMETRIC ENGINEERS GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

DNS SECURITY OR HOW TO PROTECT USERS WITH CISCO UMBRELLA Protecting DNS, we do not allow undesired domains to transfer information to our users. Cisco Umbrella is a simple and powerful DNS

security.

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

GRANDMETRIC-CERTIFICATIONS GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in PYTHON REST FRAMEWORKS PERFORMANCE COMPARISON TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0. LAYER 3 SUBINTERFACE (HUAWEI) Layer 3 subinterface (Huawei) Sub-interfaces are multiple logical interfaces configured on a main (physical) interface to allow to communicate within subnets on a trunk link. Sub-interfaces can share physical layer parameters of their main interface or be configured with their respective link layer parameters and network layer

parameters.

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

DMVPN PHASE 1 SINGLE HUB Packet is sent from Spoke1 to Spoke2 network via Hub (according to routing table) Spoke1 has this prefix via HUB tunnel IP for which has also NHRP static mapping. Hub routes packet to Spoke2 according to routing table via tunnel. DMVPN Phase 1 and EIGRP: Configure spokes as a stubs. Advertise their connected routes. CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm:

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in PYTHON REST FRAMEWORKS PERFORMANCE COMPARISON TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0. LAYER 3 SUBINTERFACE (HUAWEI) Layer 3 subinterface (Huawei) Sub-interfaces are multiple logical interfaces configured on a main (physical) interface to allow to communicate within subnets on a trunk link. Sub-interfaces can share physical layer parameters of their main interface or be configured with their respective link layer parameters and network layer

parameters.

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

DMVPN PHASE 1 SINGLE HUB Packet is sent from Spoke1 to Spoke2 network via Hub (according to routing table) Spoke1 has this prefix via HUB tunnel IP for which has also NHRP static mapping. Hub routes packet to Spoke2 according to routing table via tunnel. DMVPN Phase 1 and EIGRP: Configure spokes as a stubs. Advertise their connected routes. CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm:

NEWS GRANDMETRIC

GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

GRANDMETRIC ENGINEERS GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

CONTACT GRANDMETRIC

GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

DNS SECURITY OR HOW TO PROTECT USERS WITH CISCO UMBRELLA Protecting DNS, we do not allow undesired domains to transfer information to our users. Cisco Umbrella is a simple and powerful DNS

security.

SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

TRUNK PORT CONFIGURATION (CISCO) Trunk port configuration (Cisco) Technology: Switching. Area: VLAN. Vendor: Cisco. Software: 12.X , 15.X, IP Base, IP Services, LAN Base, LAN Light. Platform: Catalyst 2960-X, Catalyst 3560. Trunk port configuration example to carry the different VLAN tags between two devices on the same physical link. Vendor agnostic technology (IEEE

802.1Q)

UMBRELLA TWITTER

I hereby agree to recieve information about the trainings offer from Grandmetric Sp. z o.o. by the electronic means. GRANDMETRIC TECH BLOG GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

GRANDMETRIC-CERTIFICATIONS GRANDMETRIC ul. Metalowa 5 60-118 Poznań, Poland. Contact form . Home Privacy policy Terms & Conditions Contact Privacy policy Terms &

Conditions Contact

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

DNS SECURITY OR HOW TO PROTECT USERS WITH CISCO UMBRELLA Protecting DNS, we do not allow undesired domains to transfer information to our users. Cisco Umbrella is a simple and powerful DNS

security.

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from CISCO ASA: UPGRADE AND BOOT Cisco ASA: Upgrade and Boot. Technology: Network Security. Area: Firewalls. Vendor: Cisco. Software: 8.X, 9.X. Platform: Cisco ASA. To upgrade ASA-OS first download new image to disk0: (flash) for example from ftp server. After downloading, list the disk directory and IOS UPGRADE VIA FTP (CISCO) Technology: Setup Area: Setup Vendor: Cisco Software: 12.X , 15.X, IP Base, IP Services, LAN Base, LAN Light Platform: Catalyst 2960-X, Catalyst 3560 The firmware is a program which controls the operation and functionality of the switch. This is a mixture of software and hardware that has program code and data stored in it for EXPLAINED: HOW DOES WIRELESS WORK? Wireless is a way of transporting signals without any wires or optic fibers. Signals propagate through free space in this case. Often, the term wireless, refers to wireless communication. This is a way of transferring information between devices that are not connected with

wires.

CISCO SWITCH AND ISE UNIFIED PORT CONFIGURATION Cisco Switch and ISE unified port configuration. The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and

port to be

DHCP CONFIGURATION ON A CISCO SWITCH Platform: Catalyst 2960, 3560, 3750, 3850, 3650, 4500, 6500, 6800, Router ISR, 7200, ASR. DHCP Server functionality can be enabled on switch where are SVI interfaces or physical Layer 3 interfaces enabled. Example shows how to set DHCP configuration on a server with subnet 192.168.10.0/24. !---- enable SVI -----. Switch (config)#

interface VLAN10.

ACCESS PORT CONFIG (HUAWEI) Access port config (Huawei) An access port belongs to and carries the traffic of only one VLAN within 2-layer switch. Traffic is both received and sent in native formats with no VLAN tagging whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port.

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from TRUNK PORT CONFIG (HUAWEI) Trunk port config (Huawei) Technology: Switching. Area: Neighbor Discovery. Vendor: Huawei. Software: eNSP. Platform: Quidway switches. A trunk interface often connects to a switch, router, AP, or voice terminal that can receive and send tagged and untagged frames simultaneously. It allows tagged frames from multiple VLANs and

untagged frames

DNS SECURITY OR HOW TO PROTECT USERS WITH CISCO UMBRELLA Protecting DNS, we do not allow undesired domains to transfer information to our users. Cisco Umbrella is a simple and powerful DNS

security.

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from CISCO ASA: UPGRADE AND BOOT Cisco ASA: Upgrade and Boot. Technology: Network Security. Area: Firewalls. Vendor: Cisco. Software: 8.X, 9.X. Platform: Cisco ASA. To upgrade ASA-OS first download new image to disk0: (flash) for example from ftp server. After downloading, list the disk directory and IOS UPGRADE VIA FTP (CISCO) Technology: Setup Area: Setup Vendor: Cisco Software: 12.X , 15.X, IP Base, IP Services, LAN Base, LAN Light Platform: Catalyst 2960-X, Catalyst 3560 The firmware is a program which controls the operation and functionality of the switch. This is a mixture of software and hardware that has program code and data stored in it for EXPLAINED: HOW DOES WIRELESS WORK? Wireless is a way of transporting signals without any wires or optic fibers. Signals propagate through free space in this case. Often, the term wireless, refers to wireless communication. This is a way of transferring information between devices that are not connected with

wires.

CISCO SWITCH AND ISE UNIFIED PORT CONFIGURATION Cisco Switch and ISE unified port configuration. The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and

port to be

DHCP CONFIGURATION ON A CISCO SWITCH Platform: Catalyst 2960, 3560, 3750, 3850, 3650, 4500, 6500, 6800, Router ISR, 7200, ASR. DHCP Server functionality can be enabled on switch where are SVI interfaces or physical Layer 3 interfaces enabled. Example shows how to set DHCP configuration on a server with subnet 192.168.10.0/24. !---- enable SVI -----. Switch (config)#

interface VLAN10.

ACCESS PORT CONFIG (HUAWEI) Access port config (Huawei) An access port belongs to and carries the traffic of only one VLAN within 2-layer switch. Traffic is both received and sent in native formats with no VLAN tagging whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port.

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0.

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0. SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

RIPNG - GRANDMETRIC

Currently the majority of vendors has started to implement the IPv6 addressing scheme, hence IPv6 routing protocols are required to provide the routing functionalities. There are numerous IPv6-capable routing protocols been developed, such as RIPng, EIGRPv6, and OSPFv3. RIPng (RIP for IPv6) is designed to provide routing functionalities for an IPv6-based network. It is the next PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

SPAN PORT CONFIGURATION You’ll only need two commands to set up a SPAN port configuration. The first one is: Switch (config)#monitor session 1 source interface GigabitEthernet 0/1. The GE0/1 is the port that will be monitored and is also the one via which the Internet is accessed. The second command

is:

CISCO ASA: CISCO ANYCONNECT CONFIGURATION Software: CISCO ADAPTIVE SECURITY APPLIANCE (ASA) , ASA-OS. Platform: CISCO ASA 5500, 5500-X. Cisco Anyconnect Secure Mobility Client is software user-friendly application which creates VPN tunnel with VPN head end. Anyconnet by default uses SSL protocol to encrypt packets (can use also ikev2 / IPSec protocols). 1. DMVPN PHASE 1 SINGLE HUB Packet is sent from Spoke1 to Spoke2 network via Hub (according to routing table) Spoke1 has this prefix via HUB tunnel IP for which has also NHRP static mapping. Hub routes packet to Spoke2 according to routing table via tunnel. DMVPN Phase 1 and EIGRP: Configure spokes as a stubs. Advertise their connected routes. SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

ALLOW ONLY SSH TO DEVICE (CISCO) Allow only SSH to device (Cisco) Secure Shell (SSH) is a protocol used when one wants to have vides a secure remote access connection to network devices. Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. Implement SSH version 2 when possible because it uses a more enhanced security

encryption

SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from CISCO SWITCH AND ISE UNIFIED PORT CONFIGURATION Cisco Switch and ISE unified port configuration. The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and

port to be

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0.

GRANDMETRIC

Grandmetric is an ITelco Next Generation Consulting company providing technical and business insights, technical trainings and advanced services specializing in WHAT IS CISCO FIREPOWER? THE INTRODUCTION The flagship firewall of Cisco – the Cisco ASA (Adaptive Security Appliance) and FirePOWER technology (the result acquision of Source Fire company by Cisco in 2013) lied down the foundation of “next generation firewall” line of products in Cisco’s portfolio: ASA FirePOWER Services. This next generation firewall is composed of

widely

SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

TRUNK PORT CONFIGURATION (CISCO) To restrict the link to carry only specified VLANs use the allowed vlan command. Switch (config)# interface GigabitEthernet 0/0/10. Switch (config-if)# switchport trunk allowed vlan 1,2,3,4. To verify how the trunk port is configured you can issue few show commands: Switch# show run interface GigabitEthernet 0/0/10. CISCO ISE DEPLOYMENT MODELS Cisco ISE Deployment models. Path: Design. Technology: Network Security. Area: Access and Identity Management. Vendor: Cisco. Software: 1.X, 2.X. Platform: ISE Physical Appliance, ISE Virtual Appliance. Cisco Identity Services Engine helps to concentrate all enterprise network identity policies in one place. ISE is a point of

the network where

PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

CISCO ASA: HOW TO ENABLE ASDM ACCESS TO ASA To configure ASDM (HTTP) access to Cisco ASA on particular interfaces, where core and management are the nameifs use following commands: ASA (config)#aaa authentication http console LOCAL. ASA (config)#http server enable. ASA (config)#http 0.0.0.0 0.0.0.0 core. Remember to create username, password to be able to authenticate to asdm: LACP MODE CONFIGURATION (CISCO) LACP configuration on Cisco switch. Link Aggregation Control Protocol IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation. CISCO ASA: SAME SECURITY LEVEL INTERFACE So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior. To change this, use command: ASA#configure terminal. ASA (config)#same-security-traffic permit inter-interface. Above commands applies to traffic passing more than one interface (from on to

another).

CISCO ASA: SECURITY LEVEL AND NAMEIF You can think of it as a security zone thus give it the meaningful name as a best practice. To set the nameif and security level issue following commands: ASA#configure terminal. ASA (config)#interface GigabitEthernet0/0. ASA (config-if)#nameif outside. ASA (config-if)#security-level 10. ASA (config-if)#ip address 192.168.202.201 255.255.255.0. SPANNING TREE PROTOCOL (STP) CONFIGURATION The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates. The topology is named Spanning Tree, because it is

constructed as a

RIPNG - GRANDMETRIC

Currently the majority of vendors has started to implement the IPv6 addressing scheme, hence IPv6 routing protocols are required to provide the routing functionalities. There are numerous IPv6-capable routing protocols been developed, such as RIPng, EIGRPv6, and OSPFv3. RIPng (RIP for IPv6) is designed to provide routing functionalities for an IPv6-based network. It is the next PAGP CONFIGURATION (CISCO) PAgP configuration (Cisco) Technology: Switching. Area: Link aggregation. Vendor: Cisco. Software: 12.X , 15.X. Platform: Catalyst platforms. Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated, logical aggregation of Ethernet switch ports, known as an Ether Channel. There are two modes

of PAgP:

SPAN PORT CONFIGURATION You’ll only need two commands to set up a SPAN port configuration. The first one is: Switch (config)#monitor session 1 source interface GigabitEthernet 0/1. The GE0/1 is the port that will be monitored and is also the one via which the Internet is accessed. The second command

is:

CISCO ASA: CISCO ANYCONNECT CONFIGURATION Software: CISCO ADAPTIVE SECURITY APPLIANCE (ASA) , ASA-OS. Platform: CISCO ASA 5500, 5500-X. Cisco Anyconnect Secure Mobility Client is software user-friendly application which creates VPN tunnel with VPN head end. Anyconnet by default uses SSL protocol to encrypt packets (can use also ikev2 / IPSec protocols). 1. DMVPN PHASE 1 SINGLE HUB Packet is sent from Spoke1 to Spoke2 network via Hub (according to routing table) Spoke1 has this prefix via HUB tunnel IP for which has also NHRP static mapping. Hub routes packet to Spoke2 according to routing table via tunnel. DMVPN Phase 1 and EIGRP: Configure spokes as a stubs. Advertise their connected routes. SD-WAN OVERLAY MANAGEMENT PROTOCOL (OMP) The Overlay Management Protocol (OMP) is the protocol responsible for establishing and maintaining the Cisco SD-WAN control plane. It provides the following services: Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN topologies. Distribution of service-level routing

information

ALLOW ONLY SSH TO DEVICE (CISCO) Allow only SSH to device (Cisco) Secure Shell (SSH) is a protocol used when one wants to have vides a secure remote access connection to network devices. Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. Implement SSH version 2 when possible because it uses a more enhanced security

encryption

SVI CONFIGURATION (CISCO) SVI configuration (Cisco) A Switched Virtual Interface (SVI) is routed interface in IOS representing the IP addressing space for particular VLAN connected to this interface. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from CISCO SWITCH AND ISE UNIFIED PORT CONFIGURATION Cisco Switch and ISE unified port configuration. The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and

port to be

×

SEARCH

Toggle navigation

* Home

* Training

* Services

* Networking

* Cisco Systems Offering

* VMware Networking

* SD-WAN Delivery

* Software-Defined Networks * Enterprise Wireless * Wireless Design & Planning * Wireless site survey

* Infrastructure

* Storage Solutions

* Software-Defined Data Center

* Disaster Recovery

* Managed Services

* Operations Center (NOC) * Network Monitoring

* Managed WiFi

* Managed LAN

* Cloud Services

* Microsoft Office 365 Cloud * Microsoft Azure Migrations * Hybrid Active Directory

* Consulting

* Professional Pre-Sales

* IoT Engineering

* Education Content Delivery

* 5G Consulting

* IT Licensing & Audits

* Knowledge Base

* Research

* Design & Config

* Glossary

* E-learning

* Company

* About us

* Careers

* Expertise

* Our team

* News

* Blog

* Contact

Schedule a free product or technology session with Grandmetric

Engineer

schedule a video call

×

SCHEDULE A VIDEO CALL I give my consent for processing my personal data in order to complete the process of arranging a video meeting

Send

To see how we handle with personal details check out Privacy Policy

.

SD-WAN Delivery

Optimize WAN costs, build SD-WAN overlay

Read More

NOC Follow-The-Sun

IT infrastructure monitoring & operations

Read More

TECHNOLOGY STRATEGY

Let's talk about SD-WAN, Wireless, Cloud or Infrastructure Automation

Read More

First SD-WAN in Poland Read about Cisco SD-WAN implementation for Pfeifer & Langen Polska

Download Case Study

Cisco HyperFlex

Meet Cisco hyperconvergence technology

Read More

SD-WAN Delivery

Optimize WAN costs, build SD-WAN overlay

Read More

NOC Follow-The-Sun

IT infrastructure monitoring & operations

Read More

TECHNOLOGY STRATEGY

Let's talk about SD-WAN, Wireless, Cloud or Infrastructure Automation

Read More

First SD-WAN in Poland Read about Cisco SD-WAN implementation for Pfeifer & Langen Polska

Download Case Study

Cisco HyperFlex

Meet Cisco hyperconvergence technology

Read More

SD-WAN Delivery

Optimize WAN costs, build SD-WAN overlay

Read More

NEWS & BLOG

03.2020

Grandmetric to establish VMware Professional Partnership We're glad to inform that Grandmetric and VMware established professional level partnership. VMware is a global provider of virtualization and data center solutions including hypervisors (widely known #ESXi), multi-cloud networking with its #NSX and virtual desktop infrastructure #VDI #Horizon to name a few.

read more

02.2020

Grandmetric named Cisco Hyperflex Authorized Partner Congratulations to GRANDMETRIC for meeting the Authorization program requirements necessary to earn the designation of Cisco Hyperflex Authorization in the POLAND. In recognition of this achievement, Cisco will feature your company as having achieved the HyperFlex Authorization designation in Cisco Partner Locator.

read more

01.2020

Wi-Fi issues: site-surveys and troubleshooting Recently, we've been doing numerous site surveys and verification of Wi-Fi deployments in offices with more than 50APs per office in a managed setup (meaning that the APs are under the supervision of a wireless controller). In this post, I'd like to sketch an overview of the encountered issues and improvement suggestions.

read more

01.2020

Grandmetric to partner with NetApp Storage solutions With the beginning of the year we have great news. Grandmetric has met all requirements to achieve Gold Partnership from NetApp . NetApp is a global leader in high-end storage and hybrid-cloud solutions. Our team as a Gold Partner team is now able to quote the comprehensive end-to-end solution and Systems Engineers are ready to help in designing and implementing enterprise-class storage for DCs of our

clients.

read more

HOW WE CAN HELP YOU?

SD-WAN

Delivery & migrations

Learn more

NOC 24/7/365

Monitor & automate IT infrastructure

Learn more

DESIGN & TRANSFORM

Network, DC, Office365, Cloud

Learn more

START

an IoT Project

Learn more

PROVIDE

future networks consultation

Learn more

TRAIN

me or my team

Learn more

FEATURING

Enterprise Wireless - An Insight Into Different Wi-Fi Aspects

TYPE: Guidepaper

Our latest Guidepaper we aim to provide a detailed insight into the world of enterprise wireless covering different aspects such as: the Wi-Fi technologies (and evolution), security mechanisms available, along with associated parameters involved in configuring and measurements involved in troubleshooting such a network. Also, note that this Guidepaper's contents are based on our unique "Enterprise Wireless Advanced" Course, discussion of which you can also find

inside.

download

Internet-of-Things - An Excursion Through the Selected IoT

Technologies

TYPE: Guidepaper

This Guidepaper provides a detailed overview of Cellular IoT concept followed by an overview of the current technologies such as NB-IoT,

eMTC etc.

download

Overview of Next Generation Firewall Security Products - Medium Scale

Enterprise

TYPE: Guidepaper

This Guidepaper discusses the various Next Generation Firewall products available in the market that can be utilized for Medium scale

enterprise.

download

TECHNOLOGIES

Grandmetric is an IT Next Generation Systems integration company helping clients with their IT transformation, infrastructure automation, LAN, WiFi, SD-WAN & SDN delivery. Fast growing Grandmetric team is becoming also a referal point in Cloud migrations and DC Stack management with their Storage, OS and virtualization experience. Grandmetric provides technical insights along with technical trainings in areas of expertise. Latest projects cover also IoT subjects R&D in the area of IoT backend development, big data analysis and monitoring. Based on above experience in production systems maintenance, new division – Grandmetric Managed Services (GMS) maintaining IT infrastructure of corporates & globally present customers is available for demanding IT environments.

ENTERPRISE NETWORKS

There are huge range of technology aspects covering modern enterprises requirements. Starting with fundamental LAN and WAN connectivity, Internet Edge, Data Centers, mobility, collaboration, DC and Security and ending with the latest Software Defined Networks, Cloud directions, CIO’s, IT Managers, IT specialists might be confused which way to go. Grandmetric with their expertise, enterprise experience and research division helps enterprises to transform. Our latest activities cover SD-WAN transformations, WiFi troubleshooting and re-designs, IT Infrastructure automation (Jenkins, Ansible, Git, conainers), DevOps culture building.

Training

Knowledge base

WIRELESS SYSTEMS

Mobile networks have been in spotlight since the introduction of LTE, back in 2009. Since then, there has been significant growth in mobile network technology at a very fast pace which includes introduction of Small Cells & Heterogeneous Networks (HetNets), Internet-of-Things (IoT), Self-Organizing Networks (SON), virtualization and 5G. Check how Grandmetric can help you to understand latest radio trends and to decide in future investments in technology.

Knowledge base

INTERNET OF THINGS

IoT is a buzzword that everybody uses nowadays. You have probably heard about devices talking to other devices and servers and applications through Internet without human involvements. You have also probably heard about ideas like, smart city, smart parking, smart factory, smart house, etc. We are going beyond the hype and design, prototype and deploy such systems in practice with an example of “Souly” – a smart building solution with massive number of sensors, actuators and gateways connected to realize customers’ requirements such like energy savings. Ask Us about Internet of Thins aspects like: MQTT brokers, processing stacks, MQTT over SSL transmission, dockers, big data monitoring, highly efficient databases, API development, automation and multitenancy.

IoT Engineering

Souly Website

NETWORK SECURITY

Confidentiality of data, importance of service continuity and consistently growing online business makes Security number one topic in IT business. There are many approaches, products, visions and vendors that address some security challenges. Due to the research, analysis and comparative studies done by our team with strong security background and experience we know how to choose the best path to secure your network and services.

Training

Knowledge base

FOUNDERS

Board Member | Advisory Architect

Marcin Bialy

Board Member | Advisory Architect Marcin is a Head of IP & Security areas in Grandmetric. He conducts Grandmetric authorized training and is heading research in IP and Network Security areas. Acting as a Board Member defines company’s

strategy .

Principal Consultant | Wireless Systems Architect Marcin Dryjanski, Ph.D. Principal Consultant | Wireless Systems Architect Marcin is leading the mobile communications field in Grandmetric. He is responsible for technical consulting and research in the wireless

area.

CLIENTS & PARTNERS

TESTIMONIALS

Marcin is a very knowledgeable Principal Consultant in 5G / Wireless research technologies. He has a great attitude and is helpful, humble and friendly. I am sure with his all round business knowledge he will make a success of Grandmetric, good luck Marcin!

Nick Bailey

Head Connected World The usual, thorough, 5G materials we are by now used to receive from Grandmetric. Thank you very much for always sharing insightful info. Ramses Rodríguez Ferguson Consultant & 3GPP RAN SME, Panamá Very interesting training, professionally prepared. The teacher was with solid technical knowledge and, what’s even more important, with experience in implementation of big projects. I sincerely recommend and would happily take part again.

Marcin Berkowicz

Network Administrator, Allegro Group I see your knowledge and experience is top stuff

Brian Parsons

CEO & Founder Telecom Forensics Equipment Marcin is a very knowledgeable Principal Consultant in 5G / Wireless research technologies. He has a great attitude and is helpful, humble and friendly. I am sure with his all round business knowledge he will make a success of Grandmetric, good luck Marcin!

Nick Bailey

Head Connected World The usual, thorough, 5G materials we are by now used to receive from Grandmetric. Thank you very much for always sharing insightful info. Ramses Rodríguez Ferguson Consultant & 3GPP RAN SME, Panamá Very interesting training, professionally prepared. The teacher was with solid technical knowledge and, what’s even more important, with experience in implementation of big projects. I sincerely recommend and would happily take part again.

Marcin Berkowicz

Network Administrator, Allegro Group I see your knowledge and experience is top stuff

Brian Parsons

CEO & Founder Telecom Forensics Equipment

NEWSLETTER

Network & Wireless Newsletter. Subscribe and... Stay Connected!

Sign Up

Yes

No

I hereby agree to receive information about the trainings offer from Grandmetric Sp. z o.o. by the electronic means. To see how we handle with personal details check out Privacy Policy

.

GRANDMETRIC

ul. Garncarska 9 (3rd floor) 61-817 Poznań, Poland info@grandmetric.com

Contact form

Home Privacy policy

Terms & Conditions

Contact

March

January

February

March

April

May

June

July

August

September

October

November

December

__

2020

1950

1951

1952

1953

1954

1955

1956

1957

1958

1959

1960

1961

1962

1963

1964

1965

1966

1967

1968

1969

1970

1971

1972

1973

1974

1975

1976

1977

1978

1979

1980

1981

1982

1983

1984

1985

1986

1987

1988

1989

1990

1991

1992

1993

1994

1995

1996

1997

1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

2025

2026

2027

2028

2029

2030

2031

2032

2033

2034

2035

2036

2037

2038

2039

2040

2041

2042

2043

2044

2045

2046

2047

2048

2049

2050

__

SUN

MON

TUE

WED

THU

FRI

SAT

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

1

2

3

4

00:00

01:00

02:00

03:00

04:00

05:00

06:00

07:00

08:00

09:00

10:00

11:00

12:00

13:00

14:00

15:00

16:00

17:00

18:00

19:00

20:00

21:00

22:00

23:00

This site uses cookies to make our site work better. Read more

I accept